package org.camunda.bpm.engine.impl.identity.db;

import java.util.HashMap;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.cfg.auth.ResourceAuthorizationProvider;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.identity.WritableIdentityProvider;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager;
import org.camunda.bpm.engine.impl.persistence.entity.GroupEntity;
import org.camunda.bpm.engine.impl.persistence.entity.UserEntity;

/* loaded from: input_file:org/camunda/bpm/engine/impl/identity/db/DbIdentityServiceProvider.class */
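/**
 * Database-backed writable identity provider.
 *
 * <p>Creates, updates and deletes users, groups and group memberships through the
 * {@code DbSqlSession} and keeps the authorization entries tied to those identities in step
 * with them. Every public write operation calls {@code checkAuthorization(...)} before it
 * touches the database.
 *
 * <p>NOTE(review): {@code checkAuthorization}, {@code findUserById}, {@code findGroupById} and
 * {@code getDbSqlSession} are inherited and not visible here; the comments below assume that
 * {@code checkAuthorization} aborts the operation (presumably by throwing) when the permission
 * is missing - confirm against the superclass.
 */
public class DbIdentityServiceProvider extends DbReadOnlyIdentityServiceProvider implements WritableIdentityProvider {

    /**
     * Creates a transient user object after checking the CREATE permission on USER.
     * Nothing is written to the database here; persistence happens in {@link #saveUser(User)}.
     *
     * @param str value passed to the {@code UserEntity} constructor (presumably the user id)
     * @return the new, unsaved entity
     */
    @Override
    public UserEntity createNewUser(String str) {
        checkAuthorization(Permissions.CREATE, Resources.USER, null);
        return new UserEntity(str);
    }

    /**
     * Inserts or updates a user.
     *
     * <p>A revision of 0 selects the insert path (CREATE on USER, no resource id) and also
     * creates the default authorizations for the new user; any other revision selects the
     * update path (UPDATE on USER for the user's id). The revision is read from the entity
     * supplied by the caller, so it is the entity itself that decides which permission is checked.
     *
     * @param user the user to persist; must be a {@code UserEntity}, otherwise the cast throws
     *     {@code ClassCastException}
     * @return the same entity instance
     */
    @Override
    public User saveUser(User user) {
        UserEntity userEntity = (UserEntity) user;
        // NOTE(review): the password is processed before either permission check, so the entity
        // passed in is already modified when a check rejects the call. Nothing is persisted in
        // that case, but checking first would leave a rejected caller's object untouched.
        // Not reordered here because encryptPassword() is not visible - confirm it is independent
        // of the revision before moving it.
        userEntity.encryptPassword();
        if (userEntity.getRevision() == 0) {
            checkAuthorization(Permissions.CREATE, Resources.USER, null);
            getDbSqlSession().insert(userEntity);
            createDefaultAuthorizations(userEntity);
        } else {
            checkAuthorization(Permissions.UPDATE, Resources.USER, user.getId());
            getDbSqlSession().update(userEntity);
        }
        return userEntity;
    }

    /**
     * Deletes a user together with its group memberships and the authorizations whose
     * resource is USER and whose resource id is this user's id.
     *
     * <p>The DELETE permission is checked before the lookup, so the check runs whether or not
     * the id exists; an unknown id is then a no-op.
     *
     * @param str id of the user to delete
     */
    @Override
    public void deleteUser(String str) {
        checkAuthorization(Permissions.DELETE, Resources.USER, str);
        UserEntity existingUser = findUserById(str);
        if (existingUser == null) {
            return;
        }
        deleteMembershipsByUserId(str);
        deleteAuthorizations(Resources.USER, str);
        getDbSqlSession().delete(existingUser);
    }

    /**
     * Creates a transient group object after checking the CREATE permission on GROUP.
     * Nothing is written to the database here; persistence happens in {@link #saveGroup(Group)}.
     *
     * @param str value passed to the {@code GroupEntity} constructor (presumably the group id)
     * @return the new, unsaved entity
     */
    @Override
    public GroupEntity createNewGroup(String str) {
        checkAuthorization(Permissions.CREATE, Resources.GROUP, null);
        return new GroupEntity(str);
    }

    /**
     * Inserts or updates a group.
     *
     * <p>A revision of 0 selects the insert path (CREATE on GROUP, no resource id) and also
     * creates the default authorizations for the new group; any other revision selects the
     * update path (UPDATE on GROUP for the group's id).
     *
     * @param group the group to persist; must be a {@code GroupEntity}, otherwise the cast
     *     throws {@code ClassCastException}
     * @return the same entity instance
     */
    @Override
    public GroupEntity saveGroup(Group group) {
        GroupEntity groupEntity = (GroupEntity) group;
        if (groupEntity.getRevision() == 0) {
            checkAuthorization(Permissions.CREATE, Resources.GROUP, null);
            getDbSqlSession().insert(groupEntity);
            createDefaultAuthorizations(group);
        } else {
            checkAuthorization(Permissions.UPDATE, Resources.GROUP, group.getId());
            getDbSqlSession().update(groupEntity);
        }
        return groupEntity;
    }

    /**
     * Deletes a group together with its memberships and the authorizations whose resource is
     * GROUP and whose resource id is this group's id.
     *
     * <p>The DELETE permission is checked before the lookup; an unknown id is then a no-op.
     *
     * @param str id of the group to delete
     */
    @Override
    public void deleteGroup(String str) {
        checkAuthorization(Permissions.DELETE, Resources.GROUP, str);
        GroupEntity existingGroup = findGroupById(str);
        if (existingGroup == null) {
            return;
        }
        deleteMembershipsByGroupId(str);
        deleteAuthorizations(Resources.GROUP, str);
        getDbSqlSession().delete(existingGroup);
    }

    /**
     * Adds a user to a group and creates the default authorizations for that membership.
     *
     * <p>The CREATE permission on GROUP_MEMBERSHIP is checked with the group id as resource id;
     * the user id plays no part in the check.
     *
     * @param str id of the user
     * @param str2 id of the group
     */
    @Override
    public void createMembership(String str, String str2) {
        checkAuthorization(Permissions.CREATE, Resources.GROUP_MEMBERSHIP, str2);
        getDbSqlSession().getSqlSession().insert("insertMembership", membershipParameters(str, str2));
        createDefaultMembershipAuthorizations(str, str2);
    }

    /**
     * Removes a user from a group.
     *
     * <p>The DELETE permission on GROUP_MEMBERSHIP is checked with the group id as resource id.
     *
     * @param str id of the user
     * @param str2 id of the group
     */
    @Override
    public void deleteMembership(String str, String str2) {
        checkAuthorization(Permissions.DELETE, Resources.GROUP_MEMBERSHIP, str2);
        // NOTE(review): the authorization cleanup is keyed by the group id only, so removing one
        // user appears to drop the GROUP_MEMBERSHIP authorizations recorded for the whole group,
        // not just this user's - confirm against deleteAuthorizationsByResourceId.
        deleteAuthorizations(Resources.GROUP_MEMBERSHIP, str2);
        getDbSqlSession().delete("deleteMembership", membershipParameters(str, str2));
    }

    /** Builds the parameter map ({@code userId}, {@code groupId}) for the membership statements. */
    private static HashMap<String, Object> membershipParameters(String userId, String groupId) {
        HashMap<String, Object> parameters = new HashMap<String, Object>();
        parameters.put("userId", userId);
        parameters.put("groupId", groupId);
        return parameters;
    }

    /** Runs the {@code deleteMembershipsByUserId} statement for the given user id. */
    protected void deleteMembershipsByUserId(String str) {
        getDbSqlSession().delete("deleteMembershipsByUserId", str);
    }

    /** Runs the {@code deleteMembershipsByGroupId} statement for the given group id. */
    protected void deleteMembershipsByGroupId(String str) {
        getDbSqlSession().delete("deleteMembershipsByGroupId", str);
    }

    /**
     * Stores the authorizations the configured provider returns for a newly created user.
     * Does nothing when authorization is disabled in the engine configuration.
     */
    protected void createDefaultAuthorizations(UserEntity userEntity) {
        if (Context.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().newUser(userEntity));
        }
    }

    /**
     * Stores the authorizations the configured provider returns for a newly created group.
     * Does nothing when authorization is disabled in the engine configuration.
     */
    protected void createDefaultAuthorizations(Group group) {
        if (Context.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            saveDefaultAuthorizations(getResourceAuthorizationProvider().newGroup(group));
        }
    }

    /**
     * Stores the authorizations the configured provider returns for a newly created membership.
     * Does nothing when authorization is disabled in the engine configuration.
     *
     * @param str id of the user
     * @param str2 id of the group
     */
    protected void createDefaultMembershipAuthorizations(String str, String str2) {
        if (Context.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            // The provider takes the group id first, then the user id.
            saveDefaultAuthorizations(getResourceAuthorizationProvider().groupMembershipCreated(str2, str));
        }
    }

    /** Returns the authorization provider from the current process engine configuration. */
    protected ResourceAuthorizationProvider getResourceAuthorizationProvider() {
        return Context.getProcessEngineConfiguration().getResourceAuthorizationProvider();
    }

    /** Deletes the authorizations recorded for the given resource type and resource id. */
    protected void deleteAuthorizations(Resource resource, String str) {
        Context.getCommandContext().getAuthorizationManager().deleteAuthorizationsByResourceId(resource, str);
    }

    /**
     * Inserts the given authorization entries; a {@code null} array is ignored.
     *
     * <p>The inserts run inside {@code runWithoutAuthentication}, so they are presumably not
     * subject to the calling user's own permissions. What gets granted is therefore decided
     * entirely by the configured {@code ResourceAuthorizationProvider}: review any custom
     * provider with that in mind.
     *
     * @param authorizationEntityArr entries to insert, or {@code null}
     */
    protected void saveDefaultAuthorizations(final AuthorizationEntity[] authorizationEntityArr) {
        if (authorizationEntityArr == null) {
            return;
        }
        Context.getCommandContext().runWithoutAuthentication(new Runnable() {
            @Override
            public void run() {
                AuthorizationManager authorizationManager = Context.getCommandContext().getAuthorizationManager();
                for (AuthorizationEntity authorizationEntity : authorizationEntityArr) {
                    authorizationManager.insert(authorizationEntity);
                }
            }
        });
    }
}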
